twilio / authy-java

Java Client for Twilio Authy Two-Factor Authentication (2FA) API
https://www.twilio.com/docs/authy/api
MIT License

Tokens.verify returns an AuthyException rather than a Token if non-numeric or wrong length #56

Closed mzhaiclh closed 2 years ago

mzhaiclh commented 5 years ago

Verifying a token returns:

  1. Token object if the entered token is:
    • correct OR
    • incorrect AND is 6-10 numeric digits
  2. AuthyException if the entered token is:
    • non-numeric
    • has <6 or >10 digits

This behavior is inconsistent for the following reasons:

  1. Suppose an Authy app has the OTP set as the default 7 digits. It does not make sense for the response for entering an incorrect 9 digit code to be different from entering an incorrect 5 digit code. The client should also not be expected to hardcode a 6-10 digit validation.
  2. AuthyException is hard to handle because it does not have a status or error code like the Token does, and does not match the responses in the Authy API documentation (https://www.twilio.com/docs/authy/api/one-time-passwords#verify-a-one-time-password).

Since the library cannot access what the expected number of digits in the OTP is for an Authy app, one potential solution is to create a Token object that has the same status code as the normal "incorrect token" response and add the current message in the AuthyException as the message.
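A client-side way to get the uniform behaviour the issue asks for, as an added example rather than code from the issue or from authy-java: a small wrapper that fails closed, mapping both the error-carrying Token and the AuthyException thrown for malformed input to the same rejection result. It assumes the library's `AuthyApiClient.getTokens()`, `Tokens.verify(int, String)`, `Token.isOk()`, `Token.getError().getMessage()` and the `com.authy` package layout; check those against the version you use.

```java
import com.authy.AuthyApiClient;
import com.authy.AuthyException;
import com.authy.api.Token;
import com.authy.api.Tokens;

public final class OtpVerifier {
    /** One result shape for every outcome, so callers never branch on exception vs. Token. */
    public static final class Result {
        public final boolean ok;
        public final String reason;   // for server-side logging only, never shown to the user
        Result(boolean ok, String reason) { this.ok = ok; this.reason = reason; }
    }

    private final Tokens tokens;

    // Assumption: client.getTokens() returns the Tokens resource wrapper.
    public OtpVerifier(AuthyApiClient client) {
        this.tokens = client.getTokens();
    }

    /**
     * Fail closed: anything that is not an explicit "ok" from the API is a rejection,
     * whether the library returned a Token with an error (well-formed but wrong code)
     * or threw AuthyException (non-numeric code, or fewer than 6 / more than 10 digits).
     * Both paths produce the same Result type, so rate limiting and audit logging
     * can treat them identically.
     */
    public Result verify(int userId, String submittedCode) {
        try {
            // Assumption: verify(int, String) returns a Token and declares AuthyException.
            Token token = tokens.verify(userId, submittedCode);
            if (token.isOk()) {
                return new Result(true, "ok");
            }
            // Incorrect but well-formed code: the API's own error object is attached.
            return new Result(false, "rejected: " + token.getError().getMessage());
        } catch (AuthyException e) {
            // Malformed code: treated exactly like a wrong code, as the issue proposes.
            return new Result(false, "rejected: " + e.getMessage());
        }
    }
}
```

Keep `reason` out of the response sent back to the submitter so that a malformed code and a wrong code look the same from outside.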

suarezjulian commented 5 years ago

Hi @mzhaiclh, thank you for creating an issue. I think we should improve the consistency of our response.

We should only return a Token object if the OTP is correct; in all other cases we should return an exception.

As you pointed out, currently the exception doesn't have all the info needed to properly identify the error, I think we should add it.

We will add all of this in a new version of the library, which should be out soon.

mzhaiclh commented 5 years ago

Awesome, thank you so much! :)